It was discovered that the web-based administration interface in theHorde Application Framework did not guard against Cross-Site RequestForgery (CSRF) attacks. As a result, other, malicious web pages couldcause Horde applications to perform actions as the Horde user.

The oldstable distribution (wheezy) did not contain php-hordepackages.

For the stable distribution (jessie), this problem has been fixed inversion 5.2.1+debian0-2+deb8u2.

For the testing distribution (stretch) and the unstable distribution(sid), this problem has been fixed in version 5.2.8+debian0-1.

We recommend that you upgrade your php-horde packages.

Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/